From 2f2b4cbacb72cbeb21d51323296fb90a20c81737 Mon Sep 17 00:00:00 2001 From: ayleph Date: Tue, 27 Jun 2017 22:45:42 -0700 Subject: [PATCH] Fix #5513 - Can't delete blog post drafts Modify the @get_media_entry_by_id decorator to return media regardless of processing state. Separately modify all view functions that use the @get_media_entry_by_id decorator to require that the media be in the processed state, other than for the media_confirm_delete view. This allows blog post drafts to be deleted without returning a 404. Further, it adds the ability to delete unprocessed media in the future, which would be a nice addition to the user processing panel. --- mediagoblin/decorators.py | 3 +-- mediagoblin/edit/views.py | 12 ++++++++++++ mediagoblin/user_pages/views.py | 8 ++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index daeddb3f..2b8343b8 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -268,8 +268,7 @@ def get_media_entry_by_id(controller): @wraps(controller) def wrapper(request, *args, **kwargs): media = MediaEntry.query.filter_by( - id=request.matchdict['media_id'], - state=u'processed').first() + id=request.matchdict['media_id']).first() # Still no media? Okay, 404. if not media: return render_404(request) diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index b15fb2e7..17aea922 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -55,6 +55,10 @@ import mimetypes @get_media_entry_by_id @require_active_login def edit_media(request, media): + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + if not may_edit_media(request, media): raise Forbidden("User may not edit this media") @@ -115,6 +119,10 @@ UNSAFE_MIMETYPES = [ @get_media_entry_by_id @require_active_login def edit_attachments(request, media): + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + if mg_globals.app_config['allow_attachments']: form = forms.EditAttachmentsForm() @@ -499,6 +507,10 @@ def change_email(request): @require_active_login @get_media_entry_by_id def edit_metadata(request, media): + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + form = forms.EditMetaDataForm(request.form) if request.method == "POST" and form.validate(): metadata_dict = dict([(row['identifier'],row['value']) diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 484d27cd..ab235695 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -180,6 +180,10 @@ def media_post_comment(request, media): if not request.method == 'POST': raise MethodNotAllowed() + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + comment = request.db.TextComment() comment.actor = request.user.id comment.content = six.text_type(request.form['comment_content']) @@ -232,6 +236,10 @@ def media_preview_comment(request): def media_collect(request, media): """Add media to collection submission""" + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + form = user_forms.MediaCollectForm(request.form) # A user's own collections: form.collection.query = Collection.query.filter_by( -- 2.25.1